Cyber Posture

CVE-2021-47901

Severity: Critical · Public PoC

Published: 27 January 2026
Modified: 15 April 2026
KEV Added: not listed
Patch:
CVSS Score: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0007 (20.7th percentile)
Risk Priority: 20 (weighting: 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2021-47901 is a critical-severity vulnerability of type Improper Neutralization of Formula Elements in a CSV File (CWE-1236). Its CVSS base score is 9.8 (Critical).

Operationally, it is ranked at the 20.7th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-15 (Information Output Filtering) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5) (AI)

- Prevent (SI-2, Flaw Remediation): directly remediates the CSV injection flaw in Dirsearch by identifying, patching, and testing updates to prevent formula injection via redirected paths.
- Prevent (SI-15, Information Output Filtering): filters untrusted data from external server redirects before writing to CSV reports, blocking malicious Excel formulas from being included.
- Prevent: validates paths received from redirected endpoints to reject those containing formula injection payloads, such as values beginning with '=' or embedding commands.

NVD Description

Dirsearch 0.4.1 contains a CSV injection vulnerability when using the --csv-report flag that allows attackers to inject formulas through redirected endpoints. Attackers can craft malicious server redirects with comma-separated paths containing Excel formulas to manipulate the generated CSV report.

Deeper analysis (AI)

CVE-2021-47901 is a CSV injection vulnerability affecting Dirsearch version 0.4.1, a directory and file path brute-forcer tool. The flaw arises when the --csv-report flag is used to generate reports, enabling attackers to inject malicious formulas via redirected endpoints. Specifically, attackers can craft server redirects containing comma-separated paths embedded with Excel formulas, which manipulate the output CSV file. The vulnerability is rated at CVSS 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) and maps to CWE-1236.

Remote attackers can exploit this vulnerability without authentication, privileges, or user interaction, requiring only low attack complexity over the network. By controlling a server that Dirsearch queries during a scan, an attacker redirects requests to paths with injected formulas (e.g., =cmd|' /C calc'!A0), which are written unescaped into the CSV report. When a victim opens the report in spreadsheet software like Excel, the formulas execute, potentially leading to arbitrary code execution, data exfiltration, or other impacts aligned with the high confidentiality, integrity, and availability ratings.
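The mechanism above (a redirect target containing commas and a leading formula character, written unescaped into the report) is what the SI-15 output-filtering control is meant to stop. The following is an added example, not Dirsearch's own code and not from the advisory: a small report writer in Python (Dirsearch's language) that quotes every field so an embedded comma cannot spill into extra columns, and prefixes any cell that starts with a formula trigger with a single quote so spreadsheet software treats it as text. The function names, the `FORMULA_TRIGGERS` set and the sample rows are assumptions constructed for this illustration; the trigger characters follow the commonly published CSV-injection guidance.

```python
import csv
import io

# Characters that make common spreadsheet software evaluate a cell as a
# formula. Tab and carriage return are included because some importers treat
# them as cell or row separators. (Assumed list, per common CSV-injection guidance.)
FORMULA_TRIGGERS = ("=", "+", "-", "@", "\t", "\r")


def is_formula_like(value):
    """True if the cell would be interpreted as a formula when opened in a
    spreadsheet: it starts (after optional leading spaces) with a trigger."""
    return str(value).lstrip(" ").startswith(FORMULA_TRIGGERS)


def neutralize_cell(value):
    """Return the cell as text that a spreadsheet will not evaluate.

    A leading single quote tells Excel/LibreOffice to treat the cell as a
    literal string. The rest of the value is kept verbatim so the report
    still shows the attacker-controlled path for triage.
    """
    text = str(value)
    return "'" + text if is_formula_like(text) else text


def write_report(rows):
    """Serialize scan rows to CSV text with every field quoted and neutralized.

    QUOTE_ALL keeps an embedded comma in a redirect target inside one cell
    instead of creating additional columns (the vector described in the
    advisory); neutralize_cell handles a formula at the start of a cell.
    """
    buf = io.StringIO()
    writer = csv.writer(buf, quoting=csv.QUOTE_ALL, lineterminator="\n")
    writer.writerow(["URL", "Status", "Redirect"])
    for row in rows:
        writer.writerow([neutralize_cell(cell) for cell in row])
    return buf.getvalue()


def flagged_rows(rows):
    """Return rows whose redirect field looks like a formula (detection/triage aid)."""
    return [row for row in rows if is_formula_like(row[2])]


# Constructed sample rows (hypothetical scan output, not real Dirsearch data).
SAMPLE_ROWS = [
    ("http://example.test/admin", 301, "/login"),
    # A hostile Location header: comma followed by a formula, as the advisory describes.
    ("http://example.test/backup", 302, "/x,=SUM(1,2)"),
    # A formula right at the start of the redirect target.
    ("http://example.test/old", 302, "=SUM(1,2)"),
    # Leading whitespace before the trigger character.
    ("http://example.test/at", 302, " @SUM(1,2)"),
]


if __name__ == "__main__":
    print(write_report(SAMPLE_ROWS))
    print("flagged rows:", flagged_rows(SAMPLE_ROWS))
```

The two defenses are independent: quoting alone does not help when the formula sits at the very start of a cell, and neutralization alone does not help when a comma in an unquoted field creates a new cell that begins with `=`. Note that neutralizing every leading `-` also turns legitimate values such as negative numbers into text, which is acceptable for a report of paths and status codes.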

Advisories and references provide additional details on exploitation and mitigation. The Vulncheck advisory at https://www.vulncheck.com/advisories/dirsearch-csv-injection outlines the issue, while an exploit proof-of-concept is available at https://www.exploit-db.com/exploits/49370. The Dirsearch GitHub repository at https://github.com/maurosoria/dirsearch serves as the primary source for checking updates or patches.

Details

CWE(s): CWE-1236

CVEs Like This One

- CVE-2024-55532 (shared CWE-1236)
- CVE-2020-36962 (shared CWE-1236)
- CVE-2020-36941 (shared CWE-1236)
- CVE-2025-50572 (shared CWE-1236)
- CVE-2025-55745 (shared CWE-1236)
- CVE-2023-51319 (shared CWE-1236)
- CVE-2025-67851 (shared CWE-1236)
- CVE-2024-45084 (shared CWE-1236)
- CVE-2025-56267 (shared CWE-1236)
- CVE-2026-23873 (shared CWE-1236)
